
[Experience sharing] O&M power tool: installing and testing the Puppet centralized configuration management system [repost]


Posted on 2015-9-16 11:26:37
  O&M power tool: installing and testing the Puppet centralized configuration management system
  Environment:
192.168.128.128               puppet-server
192.168.128.32                puppet-client

1. Preparation before installation
Puppet is written in Ruby and depends on a Ruby environment. Check whether Ruby is installed with rpm -qa|grep ruby; if it is not, mount the local installation disc or install it online with yum:
[iyunv@localhost ~]# yum install -y ruby-libs ruby ruby-irb ruby-rdoc

[iyunv@localhost ~]# hostname puppet-server        #on the client: puppet-client
[iyunv@localhost ~]# vi /etc/hosts
127.0.0.1       localhost.localdomain localhost puppet-server #on the client: puppet-client
::1             localhost6.localdomain6 localhost6
192.168.128.32  puppet-client      #on the client: 192.168.128.128  puppet-server
[iyunv@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=puppet-server     #on the client: puppet-client
[iyunv@localhost ~]# vi /etc/resolv.conf
; generated by /sbin/dhclient-script
#search localdomain        #comment out this line; most articles omit this step, which causes authentication to fail
nameserver 192.168.128.2
After modifying the files above, log out and log back in.

2. puppet-server installation and configuration
[iyunv@puppet-server ~]# cd /usr/local/src/
[iyunv@puppet-server src]# tar zxf facter-1.6.8.tar.gz
[iyunv@puppet-server src]# tar zxf puppet-2.6.14.tar.gz
[iyunv@puppet-server src]# cd facter-1.6.8
[iyunv@puppet-server facter-1.6.8]# ruby install.rb
[iyunv@puppet-server facter-1.6.8]# cd ../puppet-2.6.14
[iyunv@puppet-server puppet-2.6.14]# ruby install.rb
[iyunv@puppet-server puppet-2.6.14]# cp conf/redhat/fileserver.conf /etc/puppet/
[iyunv@puppet-server puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[iyunv@puppet-server puppet-2.6.14]# cp conf/redhat/server.init /etc/init.d/puppetmasterd
[iyunv@puppet-server puppet-2.6.14]# chmod +x /etc/init.d/puppetmasterd
[iyunv@puppet-server puppet-2.6.14]# chkconfig --add puppetmasterd
[iyunv@puppet-server puppet-2.6.14]# chkconfig --level 35 puppetmasterd on
[iyunv@puppet-server puppet-2.6.14]# mkdir /etc/puppet/manifests
[iyunv@puppet-server puppet-2.6.14]# puppetmasterd --mkusers
[iyunv@puppet-server puppet-2.6.14]# /etc/init.d/puppetmasterd start

3. puppet-client installation and configuration
[iyunv@puppet-client ~]# cd /usr/local/src/
[iyunv@puppet-client src]# tar zxf facter-1.6.8.tar.gz
[iyunv@puppet-client src]# tar zxf puppet-2.6.14.tar.gz
[iyunv@puppet-client src]# cd facter-1.6.8
[iyunv@puppet-client facter-1.6.8]# ruby install.rb
[iyunv@puppet-client facter-1.6.8]# cd ../puppet-2.6.14
[iyunv@puppet-client puppet-2.6.14]# ruby install.rb
[iyunv@puppet-client puppet-2.6.14]# cp conf/namespaceauth.conf /etc/puppet/
[iyunv@puppet-client puppet-2.6.14]# cp conf/redhat/puppet.conf /etc/puppet/
[iyunv@puppet-client puppet-2.6.14]# cp conf/redhat/client.init /etc/init.d/puppetd
[iyunv@puppet-client puppet-2.6.14]# chmod +x /etc/init.d/puppetd
[iyunv@puppet-client puppet-2.6.14]# chkconfig --add puppetd
[iyunv@puppet-client puppet-2.6.14]# chkconfig --level 35 puppetd on
[iyunv@puppet-client puppet-2.6.14]# puppetd --mkusers #creating the users fails with an error; create them manually below
[iyunv@puppet-client puppet-2.6.14]# groupadd puppet
[iyunv@puppet-client puppet-2.6.14]# useradd -g puppet -M puppet
[iyunv@puppet-client puppet-2.6.14]# /etc/init.d/puppetd start

4. Certificate signing
The client sends a request:
[iyunv@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for ca
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
warning: peer certificate won't be verified in this SSL session
Exiting; no certificate found and waitforcert is disabled

On the server, view the pending certificate requests:
[iyunv@puppet-server ~]# puppetca -l
  puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)

Sign a single client:
[iyunv@puppet-server ~]# puppetca -s puppet-client
notice: Signed certificate request for puppet-client
notice: Removing file Puppet::SSL::CertificateRequest puppet-client at '/var/lib/puppet/ssl/ca/requests/puppet-client.pem'

Sign all clients:
[iyunv@puppet-server ~]# puppetca -s -a

Run the command again on the client; authentication is now complete:
[iyunv@puppet-client puppet-2.6.14]# puppetd --test --server puppet-server
warning: peer certificate won't be verified in this SSL session
info: Caching certificate for puppet-client
info: Caching certificate_revocation_list for ca
info: Caching catalog for puppet-client
info: Applying configuration version '1337769948'
info: Creating state file /var/lib/puppet/state/state.yaml
notice: Finished catalog run in 0.01 seconds

5. Simplest test: change the permissions of a file on the client
On the server, add the main manifest site.pp:
[iyunv@puppet-server ~]# vi /etc/puppet/manifests/site.pp
file
{       "/root/install.log":
         owner => "puppet",
         group => "puppet",
         mode => 666,
}

Run the command on the client:
[iyunv@puppet-client ~]# puppetd --test --server puppet-server

Owner and permissions of /root/install.log on the client before and after the run:
[Screenshot: DSC0001.jpg]
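I have only just started with Puppet; later posts will go deeper with configuration examples...
  P.S.
  My installation differed slightly from that of the article's author: after adding the EPEL repository, I ran yum search puppet directly and then installed with yum install puppet-server; facter can also be installed with yum. For authenticating the node with the server, and for the test, I followed the example of the article's author!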
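
Added example, not part of the original post: step 4 signs the request without comparing the fingerprint the agent printed with the one `puppetca -l` lists, and `puppetca -s -a` signs every pending request unseen. The shell functions below (their names are hypothetical) make that comparison on the output shown in step 4; the mismatching list is constructed.

```shell
#!/bin/sh
# Added example: gate `puppetca -s <host>` on a CSR fingerprint match.

# Print the CSR fingerprint found in the agent's `puppetd --test` output (stdin).
client_fp() {
    sed -n 's/^info: Certificate Request fingerprint (md5): \([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# Print the fingerprint that `puppetca -l` output (stdin) lists for host $1.
server_fp() {
    awk -v h="$1" '$1 == h { gsub(/[()]/, "", $2); print $2; exit }'
}

# Return 0 only if both fingerprints are present and identical (case-insensitive).
csr_matches() {   # $1=host  $2=agent output  $3=`puppetca -l` output
    c=$(printf '%s\n' "$2" | client_fp | tr 'a-f' 'A-F')
    s=$(printf '%s\n' "$3" | server_fp "$1" | tr 'a-f' 'A-F')
    [ -n "$c" ] && [ -n "$s" ] && [ "$c" = "$s" ]
}

# Agent and master output as shown in step 4 of the post.
AGENT_OUT='info: Creating a new SSL certificate request for puppet-client
info: Certificate Request fingerprint (md5): FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4
Exiting; no certificate found and waitforcert is disabled'
CA_LIST='  puppet-client (FB:5F:4B:05:8E:56:7F:A0:71:B0:59:6C:19:E5:A8:C4)'
# Constructed: same host name, different key, as a substituted request would look.
CA_LIST_BAD='  puppet-client (00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF)'

# Report whether the request may be signed; on the master the operator
# would run `puppetca -s <host>` only after the OK line.
sign_if_verified() {   # $1=host  $2=agent output  $3=`puppetca -l` output
    if csr_matches "$1" "$2" "$3"; then
        echo "OK: fingerprint matches, safe to run: puppetca -s $1"
    else
        echo "REFUSE: fingerprint for $1 missing or different, do not sign" >&2
        return 1
    fi
}

sign_if_verified puppet-client "$AGENT_OUT" "$CA_LIST"
sign_if_verified puppet-client "$AGENT_OUT" "$CA_LIST_BAD" || true
```

The agent-side fingerprint has to reach the operator over a channel other than the unverified SSL session that produced the warnings in step 4, for example the client's console.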

Thread address: https://www.yunweiku.com/thread-114412-1-1.html